Nine fake Android apps from Google’s Play Store have been downloaded 470,000 times masquerading as performance optimization tools. Instead of serving its described purpose, they had fraudulent access to users’ Google and Facebook accounts, according to Japanese cybersecurity company Trend Micro.
The firm has detailed its findings in a blog post, describing app developers’ pernicious strategy to get hold of users’ personal information. Said apps had names such as “Speed Clean” or “Super Clean,” pretending to be a tool for optimizing the performance of the user’s smartphone by cleaning it from superfluous files.
Instead, the apps downloaded up to 3,000 variants of malware (detected by Trend Micro as AndroidOS_BoostClicker.HRX) on infected smartphones and were, consequently, able to access the victims’ Google and Facebook accounts to conduct fraudulent advertising practices. These false tools were, among other things, displaying ads from regular platforms such as Google AdMob or Facebook Audience Network and then simulating clicks on the advertisements.
Furthermore, fake apps also asked users for permissions while disabling Play Protect, which is the security program in the Google Play Store. This, in turn, allowed them to download more and more fraudulent software without being spotted.
Finally, they were also able to use accessibility options to post fake comments and ratings to the Play Store to attract even more users.
After learning of the incident, Google removed affected apps from the Play Store. Nevertheless, the malware is expected to resume the attack with other fake apps. Until you (all of us, really) watch what we click on, or install a mobile antivirus solution.
The most affected were users in Japan, Taiwan, the United States, Thailand and India.